maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

also validate existence of ssl-key file in vhost generation

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2020-12-10 09:47:58 +01:00
parent aba97df9b2
commit ee5de56a94
3 changed files with 26 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/Froxlor/Cron/Http/Apache.php
View File

@@ -425,6 +425,11 @@ class Apache extends HttpConfigBase
if ($row_ipsandports['ssl_key_file'] == '') {
$row_ipsandports['ssl_key_file'] = Settings::Get('system.ssl_key_file');
if (! file_exists($row_ipsandports['ssl_key_file'])) {
// explicitly disable ssl for this vhost
$row_ipsandports['ssl_cert_file'] = "";
\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'System certificate key-file "' . Settings::Get('system.ssl_key_file') . '" does not seem to exist. Disabling SSL-vhost for "' . Settings::Get('system.hostname') . '"');
}
}
if ($row_ipsandports['ssl_ca_file'] == '') {
@@ -960,8 +965,13 @@ class Apache extends HttpConfigBase
}
}
if ($domain['ssl_key_file'] == '') {
if ($domain['ssl_key_file'] == '' || ! file_exists($domain['ssl_key_file'])) {
$domain['ssl_key_file'] = Settings::Get('system.ssl_key_file');
if (! file_exists($domain['ssl_key_file'])) {
// explicitly disable ssl for this vhost
$domain['ssl_cert_file'] = "";
\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'System certificate key-file "' . Settings::Get('system.ssl_key_file') . '" does not seem to exist. Disabling SSL-vhost for "' . $domain['domain'] . '"');
}
}
if ($domain['ssl_ca_file'] == '') {

4
lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
View File

@@ -271,7 +271,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
* @param int $domain_id
* @param FroxlorLogger $cronlog
*/
private static function validateDns(&$domains = array(), $domain_id, &$cronlog)
private static function validateDns(array &$domains, $domain_id, &$cronlog)
{
if (Settings::Get('system.le_domain_dnscheck') == '1' && ! empty($domains)) {
$loop_domains = $domains;
@@ -290,7 +290,7 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
}
}
private static function runAcmeSh($certrow = array(), $domains = array(), &$cronlog = null, $force = false)
private static function runAcmeSh(array $certrow, array $domains, &$cronlog = null, $force = false)
{
if (! empty($domains)) {

14
lib/Froxlor/Cron/Http/Nginx.php
View File

@@ -166,6 +166,11 @@ class Nginx extends HttpConfigBase
}
if ($row_ipsandports['ssl_key_file'] == '') {
$row_ipsandports['ssl_key_file'] = Settings::Get('system.ssl_key_file');
if (! file_exists($row_ipsandports['ssl_key_file'])) {
// explicitly disable ssl for this vhost
$row_ipsandports['ssl_cert_file'] = "";
\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'System certificate key-file "' . Settings::Get('system.ssl_key_file') . '" does not seem to exist. Disabling SSL-vhost for "' . Settings::Get('system.hostname') . '"');
}
}
if ($row_ipsandports['ssl_ca_file'] == '') {
$row_ipsandports['ssl_ca_file'] = Settings::Get('system.ssl_ca_file');
@@ -669,8 +674,15 @@ class Nginx extends HttpConfigBase
}
}
if ($domain_or_ip['ssl_key_file'] == '') {
if ($domain_or_ip['ssl_key_file'] == '' || ! file_exists($domain_or_ip['ssl_key_file'])) {
// use fallback
$domain_or_ip['ssl_key_file'] = Settings::Get('system.ssl_key_file');
// check whether it exists
if (! file_exists($domain_or_ip['ssl_key_file'])) {
// explicitly disable ssl for this vhost
$domain_or_ip['ssl_cert_file'] = "";
\Froxlor\FroxlorLogger::getInstanceOf()->logAction(\Froxlor\FroxlorLogger::CRON_ACTION, LOG_DEBUG, 'System certificate key-file "' . Settings::Get('system.ssl_key_file') . '" does not seem to exist. Disabling SSL-vhost for "' . $domain_or_ip['domain'] . '"');
}
}
if ($domain_or_ip['ssl_ca_file'] == '') {